Description

Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web script or HTML via the Remote App's IFrame URL.

Remediation

References

CVE-2023-33940

Related Vulnerabilities

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4605)

ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9454)

WordPress Plugin WordPress.com Custom CSS Cross-Site Scripting (1.5)

Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2018-1999042)

Oracle Database Server CVE-2016-5555 Vulnerability (CVE-2016-5555)

Severity

Medium

Classification

CVE-2023-33940 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities